This is a tool that uses the old WerfaultSecure.exe program to dump the memory of processes protected by PPL (Protected Process Light), such as LSASS.EXE. The output is in Windows MINIDUMP format.
This tool automatically replaces the "MDMP" magic header with a PNG magic header. After the dump is complete, you need to restore the original 4-byte magic at the beginning of the file with the original 4 bytes: {0x4D, 0x44, 0x4D, 0x50} "MDMP".
WSASS.exe path_to_werfaultsecure.exe target_PID
Example: WSASS.exe C:\TMP\WerfaultSecure.exe 888